
Re: Upgrading to 2.1.8 breaks binding



Are you storing encrypted passwords in your LDAP database?  If so, did you
use --enable-crypt when you compiled?



> Since I upgraded from 2.0.25 to 2.1.8 I can no longer bind from
> authentication clients like radius to my openldap server. When I try,
> the error reported in my ldap log file is:
>
>   Conn=3 op=0 RESULT tag=97 err=49 text=
>
> It turns out that error 49, from ldap.h, means that the credentials are
> invalid (LDAP_INVALID_CREDENTIALS).  I know I'm using the correct
> password of the entry I'm trying to bind as.  I've also tried to bind as
> that entry to read its own entry using ldapsearch.  But version 2.1.8
> won't allow me to bind as this (or any other except Manager and Admin)
> entry.  However, version 2.0.25 did.  2.1.8 will only allow me to bind
> as cn=Manager,dc=example,dc=org or as cn=Admin,dc=example,dc=org.  It
> will not allow binding by any other entry in the database.
>
> I'm using virtually the same config file, the only change being that
> I've included "allow bind_v2" and I've changed ldbm to bdb as the
> backend database (I also upgraded the Berkeley db to version 4).
>
> My access list is as follows:
>
> access to attr=userPassword
> 	by self write
> 	by anonymous auth
> 	by dn="cn=Admin,dc=example,dc=org write
> 	by * none
> access to *
> 	by self write
> 	by dn="cn=Admin,dc=example,dc=org" write
> 	by * read
>
> Can anyone help me figure out what I need to do to recover the lost
> functionality?
>
> Thanks,
>
> Mike
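
One way to answer the question asked in the reply, as an added example that is not part of the original thread: list which storage scheme each `userPassword` value uses in an LDIF export (for instance from `slapcat`), and flag the entries stored as `{CRYPT}`, which a slapd built without `--enable-crypt` cannot verify. The user DNs and hash values in the sample are constructed, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample in slapcat-style LDIF; user DNs and hash values are made up.
SAMPLE_LDIF = "\n".join([
    "dn: cn=Manager,dc=example,dc=org",
    "userPassword: {SSHA}ConstructedSaltedHashValue",
    "",
    "dn: uid=mike,ou=people,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(b"{CRYPT}abConstructedHash").decode(),
    "",
    "dn: uid=radius,ou=people,dc=example,dc=org",
    "userPassword: constructed-cleartext",
    "",
])

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")


def password_schemes(ldif):
    """Map each entry DN to the storage schemes of its userPassword values."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF continues long lines with "\n "
    schemes, dn = {}, None
    for line in unfolded.splitlines():
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if rest.startswith(":"):  # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "userpassword" and dn:
            m = SCHEME_RE.match(value)
            schemes.setdefault(dn, []).append(m.group(1).upper() if m else "CLEARTEXT")
    return schemes


def entries_needing_crypt(ldif):
    """DNs whose password can only be verified by a slapd built with crypt support."""
    return sorted(dn for dn, s in password_schemes(ldif).items() if "CRYPT" in s)


if __name__ == "__main__":
    for dn, s in password_schemes(SAMPLE_LDIF).items():
        print(dn, s)
```

If the entries that fail to bind are exactly the ones this reports as `CRYPT`, the build option is the likely cause rather than the access list.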